Fernando Serto
Head of Security Tech and Strategy, APAC
06th March 2018, Ambarrukmo Yogajakarta, ICION 6TH Conference

Cloud infrastructure alone is not enough

“slow” is the new “down”

Presenter
Presentation Notes
We crave speed. It has to be fast! We’re just not patient when it comes to the web. If it doesn’t show up right away, we’re inclined to quit and go elsewhere.

“Slow” is the New “Down”

So today’s cloud infrastructure providers and hosting services focus primarily on uptime and availability, proudly touting how many “9’s” of availability their infrastructure can guarantee. That’s important, to be sure, since an application that’s not running can cost millions in lost revenue and damaged reputation to your business. To meet these SLAs, cloud infrastructure providers maintain “just enough” points of presence to ensure availability, so the application or experience is reachable, and can fail over in the case of a datacenter outage or a regional calamity like an earthquake or power cut.

That sounds good on paper, but in practice it’s just table stakes, a starting point – because the moment your app or digital experience exits that data center, you’re once again completely at the mercy of the “best effort” Internet. Just because the application is “available” at the data center, or your media content is “available” at origin, doesn’t tell you anything about how, or even whether, your users and customers are accessing that experience.

And it’s no secret that as the quality of digital experiences has improved, user expectations for speed and reliability have escalated as well. For mobile and Web experiences, an additional 100 milliseconds in page load time can make the difference between a successful visit and a bounced session. (More than 50 percent of visitors will abandon a website that takes more than three seconds to load!) For rich media and video, user satisfaction and sentiment decreases with every few milliseconds of buffering time – and can turn completely negative with just one rebuffering event in the stream.

That’s why we say “slow is the new down.” Users simply don’t have the patience for slow performance and will quickly go elsewhere – and in today’s digital economy, there’s always an alternative. It doesn’t matter if your app or experience is available if it’s not accessible.

©2017 AKAMAI | FASTER FORWARDTM

ONLY AKAMAI SERVERS ARE EVERYWHERE YOUR USERS ARE, DELIVERING UNMATCHED SPEED AND RELIABILITY

BIGGER ISN’T JUST BETTER — IT’S A NECESSITY

Presenter
Presentation Notes
In a lot of industries, being the biggest isn’t always a positive. But when it comes to cloud delivery, massive scale and distribution isn’t just nice to have, it’s a key requirement. That’s because many of the things a cloud delivery platform must accomplish simply cannot be achieved at anything less than massive scale. Consider content delivery using a highly centralized delivery network like AWS or Google. While these platforms do have multiple points of presence (perhaps fifty or so), that’s not nearly enough to guarantee performance and accessibility. The “slowest parts” of the Internet are encountered when traffic has to cross networks, and every time these “hops” happen, a significant slowdown occurs. With comparatively few POPs, centralized CDNs force content streams to traverse multiple networks on their way to the end user. By contrast, the Akamai platform is massively distributed, with more than 200,000 servers across 130 countries – meaning that an Akamai delivery server is within one network “hop” of 90 percent of Internet users globally, ensuring the best possible user experience.

©2017 AKAMAI | FASTER FORWARDTM

That’s where Akamai comes in.

Akamai is the world’s largest and most trusted cloud delivery platform, making it easier for

companies to provide the best and most secure digital experiences today and in the future.

Presenter
Presentation Notes
That’s where Akamai comes in. We’re not just a CDN, or a way to accelerate your website or secure your apps and environment – we’re the world’s largest and most trusted cloud delivery platform. That means we provide your business with a comprehensive, integrated platform that makes it easier for you to deliver amazing digital experiences that are fast, reliable and secure – backed up by exceptional service, global real-time monitoring, and unmatched expertise and technical innovation. No one can provide a 100% “SLA for the Internet” – but with the broadest array of best-in-class cloud delivery products and services, the Akamai Cloud Delivery Platform gives you the speed, reliability and security that your customers demand.

©2017 AKAMAI | FASTER FORWARDTM


Cloud infrastructure: optimized for high availability

Cloud delivery platform: optimized for secure, high accessibility

Presenter
Presentation Notes
In short, cloud infrastructure is optimized for provisioning and high availability operation of workloads, applications and data stores. Cloud delivery is optimized for the secure high accessibility of content, applications and data on any desired device, in any desired location. You need both – and as the world’s largest and most trusted cloud delivery platform, Akamai provides best-in-class digital performance management, ensuring your users receive superior, individualized digital experiences wherever, whenever and however they come online.

©2017 AKAMAI | FASTER FORWARDTM

Akamai gathers and analyzes huge amounts of performance and security data in real time to optimize routing faster than anyone and identify and respond to security threats in real time.

Massive scale is about more than content

MADE POSSIBLE WITH AKAMAI’S VAST DATA GATHERING AND MACHINE LEARNING

Presenter
Presentation Notes
For cloud delivery, that means that your content receives optimized routing in real time – much like having your own express lane on the Internet. That kind of optimization isn’t possible with just a few hundred or a few thousand servers (or even tens of thousands, for that matter). Only massive distribution and integration into almost the entire global Internet of networks, coupled with the world’s most advanced algorithms, can provide the needed data to make that happen – and only Akamai decides where and how to route your digital experiences based on the true performance of the Internet at that second. No other cloud delivery platform can do that. Plus, with tremendous amounts of user data showing how your experience is actually performing in real time, Akamai’s machine-learning intelligence can identify and mitigate security threats and problems in your delivery path even before they become an issue for your users. And the massive scale and distribution of the Akamai platform makes it almost impervious to network degradation and huge demand spikes that can cripple other platforms.

©2017 AKAMAI | FASTER FORWARDTM

Top external attack vectors

BUSINESS RISK

Source: The State of Network Security: 2016-2017, Forrester, January 2017


Akamai successfully mitigated a 1.35Tbps DDoS attack


Relax, the bad guys only want your CPU!!


WHAT ABOUT MOBILITY and BYOD?

MACHINE TO MACHINE? API GATEWAYS???


Akamai focuses on these areas of Cyber Security: DNS, DDoS, WAF, Bot Mitigation, Credential Stuffing/ATO, Remote Access and Malware/Phishing/AUP


Grow revenue opportunities with fast, personalized web experiences and manage complexity from peak demand, mobile devices and data collection.

Attackers are exploiting the 72X imbalance in core capacity (and billions of insecure IoT devices)

Cloud Data Centers

Presenter
Presentation Notes
That’s because the attackers can leverage the massive capacity at the edge of the internet to swamp the datacenters in the core with attack traffic. And this becomes even more of a problem with IoT—there are billions of devices getting connected at the last mile that have a full communications stack, a powerful CPU, and little or no security. This gives the attackers a lot of power. And it’s getting to the point where attackers can not only swamp out cloud datacenters; pretty soon, they’ll even be able to disconnect entire countries from the internet.


Akamai provides a defensive shield to absorb attack traffic…and to block application-layer attacks


Presenter
Presentation Notes
Now our goal here at Akamai is to keep this sort of thing from happening. We want to keep you … and us … out of those nasty headlines we saw earlier. And one way we do that is by intercepting the attack traffic at the edge, where all the capacity is, before it can overwhelm your datacenters. By placing our servers in thousands of locations near end users, we can absorb enormous volumes of attack traffic. In fact, we use the same servers to absorb the attack traffic that we use to deliver enormous volumes of streaming content, which helps with efficiency and cost.

Of course, scale is just one aspect of the security challenge. You also have to worry about application-layer defenses. And that’s where Kona Site Defender comes in. Kona examines all the traffic coming to your sites and apps and makes sure that it’s safe before passing any of it back to you. This is really important. For example, we all read the recent headlines where a major financial institution was breached using the Apache Struts vulnerability. They lost private data on over 140M people. According to the news reports, they thought they had patched all their sites and apps after the vulnerability was announced, but like many companies, they had lots of sites and apps, and it’s really hard to be sure you patched them all. As it turns out, they missed one, and it got exploited … with disastrous consequences.

This is exactly the kind of scenario where Kona adds a lot of value. Simply by putting Kona in front of all your public-facing infrastructure, you can be safe even if you didn’t patch everything internally. Now of course, you want to patch your sites and apps as quickly as possible, but it can take time and you might miss something. But if you have Kona, you’ll still be safe. Defense in depth is now more important than ever when it comes to cybersecurity.

Traditional “moats and castles” no longer apply; your apps and data and users have moved outside the firewall!

Cloud-native security for a cloud-based world
Akamai moves security and policy to the edge of the Internet, providing effortless security for the cloud age

Traditional Perimeter Security vs. Akamai Cloud Security

Presenter
Presentation Notes
There’s no question that we’re entering an entirely new age in information security. The traditional “moats and castles” model that businesses have relied on for decades, surrounding the “castle” of enterprise data, applications and networks with the “moat” of a secure perimeter and firewalls, is becoming outdated and irrelevant. Your applications, data and users have moved outside the secure firewall and into the cloud. They’ve jumped the moat – and your expensive security systems are left guarding an empty castle.

Akamai takes a different approach to addressing these evolving security threats – an approach built for the cloud because it was born in the cloud. By moving security, policy and controls away from the core and to the edge, Akamai makes security portable and pervasive – and keeps threats like DDoS attacks and malicious bots far away from your users, data and applications. And because Akamai delivers security at the edge and not attached to your data center or cloud infrastructure, it’s entirely portable and works with absolutely zero impact on your website performance or the quality of your digital experiences.

What’s more, the platform can provide simple, secure application access without using risky VPNs or open firewall ports, as well as protecting your users from accessing dangerous servers or receiving malicious payloads or other attack vectors. It’s effortless security for the cloud age.


DATA CENTER DEFENSES AREN’T ENOUGH ANYMORE

ATTACKS ARE BIGGER, MORE SOPHISTICATED, AND MORE UNPREDICTABLE THAN EVER BEFORE

Presenter
Presentation Notes
Among other things, there’s just no way to provision the capacity that you need to defend yourselves in a datacenter. Even the largest cloud datacenters can be overwhelmed by the attacks we are now seeing. And even if it was physically possible to equip the cloud datacenter with sufficient capacity, you wouldn’t be able to afford the cost.

Old Security Platform in a Modern World?

Source: IDC (IDC.com, @IDC)

Network

Applications

Data


Google BeyondCorp

Presenter
Presentation Notes
BeyondCorp Principles
#1 Connecting from a particular network must not determine which services you can access.
#2 Access to services is granted based on what we know about you and your device.
#3 All access to services must be authenticated, authorized and encrypted.


#ZeroTrust


What is Google BeyondCorp?

Laptop

Device Inventory Database

Micro Perimeter

Apps

Access Proxy

Presenter
Presentation Notes
It also assumes that the cloud stack is globally distributed, or at least able to service chain different capabilities together in a coherent and performant fashion. Ideally it would be an integrated system that an enterprise can consume as a service without having to worry about the underlying infrastructure.

The cloud perimeter uses the Internet as its core network. In fact, adopting a cloud perimeter is an essential step to leveraging the Internet as WAN. And, as enterprises leverage the Internet as WAN, application optimization also needs to evolve to overcome the inherent performance and reliability challenges of the Internet.

In addition, the cloud perimeter architecture and approach allows abstraction of all the complexity enterprises deal with around appliance deployment, management, patching, license counts and the list goes on and on.

A cloud perimeter embraces simplicity and an inherent focus on users/devices and applications/data.

Verify and never trust is a core principle of the cloud perimeter. Are users across the digital ecosystem properly authenticated? And once the user is authenticated, do they have the authorization to access the various applications available to them? Does it make sense that this particular user is trying to log into this application at 3AM from Thailand? The cloud perimeter approach fully embraces the principle of least privilege. In addition, full visibility and logging enables enterprises to not only look at positive and negative security models, but also start to think about predictive analytics and behavioural analysis. For example, is that 3AM login really a person or is it a bot? What about traffic leaving the enterprise and connecting to a domain on the Internet? Is it malware command and control communication, is it an IoT device phoning home, or is it just an employee trying to access a resource on the Internet? Full visibility is the first step to effectively apply policy, enforce compliance and reduce risk.

It is also important to think about the ultimate end-user experience. The focus on reducing risk shouldn't impact it. The end-user experience should be easy, seamless, and fast regardless of security measures in place. For IT and security teams, a cloud perimeter is about abstracting complexity. A cloud perimeter enables enterprise IT and security teams to focus on what’s important. They no longer need to worry about the underlying complex, and often brittle, systems that they deal with today. It is clear that moving from one architecture to another in the blink of an eye is unrealistic and will likely cause more harm than good. So integration with existing systems—whether that's an enterprise’s identity provider or SIEM—is important. With SIEM integration and visibility, the cloud perimeter architecture also provides insight across applications and users independent of where they reside (whether that’s in the cloud or on-premises). Finally, this integrated system in the cloud needs to support single sign-on across all apps: SaaS, on-prem, and public cloud to provide visibility, security, and performance. Once a user is authenticated, traffic will pass through the cloud perimeter. In other words, not only is the cloud perimeter in the authentication path, but also the data path. Being in the data path becomes critical for adding additional security and performance capabilities, such as CASB or data loss prevention. Adding these capabilities does mean that some form of service chaining or integration is required.
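The three BeyondCorp principles and the cloud-perimeter notes above describe an access proxy that decides on identity, device state and per-app authorization rather than on source network, treats an unusual login (3AM from Thailand) as a reason to verify further, and logs every decision to a SIEM. The Python below is an added illustration of such a policy evaluator, not Akamai's or Google's code; the device inventory, entitlements and user baselines are constructed in-memory stand-ins for the real directory and inventory systems.

```python
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Optional

# Constructed device inventory: the proxy trusts what it knows about the
# device (principle #2), never which network the request arrived from (#1).
DEVICE_INVENTORY = {
    "lap-0412": {"owner": "alice", "managed": True, "disk_encrypted": True, "patched": True},
    "lap-0999": {"owner": "bob", "managed": True, "disk_encrypted": False, "patched": True},
}
# Constructed per-user, per-app entitlements (least privilege: app-specific access).
ENTITLEMENTS = {"alice": {"payroll", "wiki"}, "bob": {"wiki"}}
# Constructed baselines behind the "3AM from Thailand" style anomaly check.
BASELINE = {"alice": {"countries": {"AU"}, "hours": range(7, 20)},
            "bob": {"countries": {"ID"}, "hours": range(7, 20)}}


@dataclass
class AccessRequest:
    user: Optional[str]    # None = no authenticated identity
    device_id: str
    app: str
    source_network: str    # "corp" or "internet": logged, never a policy input
    encrypted: bool        # principle #3: every access over an encrypted channel
    country: str
    when: datetime


@dataclass
class Decision:
    allow: bool = False
    step_up_mfa: bool = False  # anomaly: grant only after additional authentication
    reasons: List[str] = field(default_factory=list)


def evaluate(req: AccessRequest) -> Decision:
    """Access-proxy policy: encrypted, authenticated, device-bound, authorized."""
    d = Decision()
    if not req.encrypted:
        d.reasons.append("deny: unencrypted transport")
        return d
    if req.user is None:
        d.reasons.append("deny: unauthenticated")
        return d
    dev = DEVICE_INVENTORY.get(req.device_id)
    if dev is None or dev["owner"] != req.user:
        d.reasons.append("deny: device not in inventory or not bound to user")
        return d
    if not (dev["managed"] and dev["disk_encrypted"] and dev["patched"]):
        d.reasons.append("deny: device posture below policy")
        return d
    if req.app not in ENTITLEMENTS.get(req.user, set()):
        d.reasons.append("deny: user not entitled to " + req.app)
        return d
    base = BASELINE[req.user]
    if req.country not in base["countries"] or req.when.hour not in base["hours"]:
        d.step_up_mfa = True
        d.reasons.append("anomaly: unusual time/location, step-up MFA first")
    d.allow = True
    d.reasons.append("allow: authenticated, device trusted, authorized, encrypted")
    return d


def siem_event(req: AccessRequest, d: Decision) -> Dict[str, object]:
    """Flat record for SIEM integration; source_network is kept for visibility
    even though it played no part in the decision."""
    return {"ts": req.when.isoformat(), "user": req.user, "device": req.device_id,
            "app": req.app, "src_net": req.source_network, "country": req.country,
            "allow": d.allow, "step_up_mfa": d.step_up_mfa, "reasons": d.reasons}


def at(hour: int) -> datetime:
    """Constructed timestamp on the presentation date (used by the examples)."""
    return datetime(2018, 3, 6, hour, 0)
```

Note that the same request evaluates identically from "corp" and from "internet", which is principle #1 in code form.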


Akamai’s version

Laptop

Micro Perimeter

Apps

Enterprise App Access


[Diagram: traditional application access]
User → Client → Firewall → App 1 / App 2 / App 3 (Application Access Control), duplicated in the Datacenter and in AWS/Azure
DMZ stack per site: Global LB, DDoS, FW/IPS, RAS/VPN, WAN Opt, Internal LB, MFA

High Cost: Buy, Deploy, Manage

User Experience:
Slow – depends on location of apps, users accessing from various locations and number of VPN gateways
Inconsistent – different on-prem and off-net experience

Complexity: Many DMZs, Site-to-Site VPNs

Simpler, Secure Access to Enterprise Apps


[Diagram: Enterprise Application Access]
User → Enterprise App Access (cloud) → Enterprise Connector behind the Firewall in the Datacenter → App 1 / App 2
DMZ stack: Global LB, DDoS, FW/IPS, RAS/VPN, WAN Opt, Internal LB, MFA

> No hole in the firewall – outbound only
> No complex configuration – cloud managed
> No client software – browser based
> No lateral movement – app specific access

Access and security controls move from static on-premise to the cloud

Simpler, Secure Access to Enterprise Apps


Request waterfall for malware.com:

  DNS lookup   Initial connection   Time to first byte   Content download
  70 ms        60 ms                60 ms                140 ms

91.3% of known bad malware uses DNS


Limited Visibility – Enterprise A vs. Enterprise B

Enterprise A – DNS Exfiltration
DNS requests containing data: <obfuscated SSN><obfuscated PII>.com
Compromised System → Command & Control Infrastructure

Enterprise B – Blacklist Evasion
DNS requests to C&C/DGA domains:
10:01-10:09AM: www.sdg43ts.com
10:09-10:18AM: www.sf903lc.com
Compromised System → Command & Control Infrastructure

DNS – The New Signal
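Both signals on the slide above, data-bearing query names and a new C&C domain every few minutes, can be pulled out of resolver logs. The Python below is an added illustration of that detection, not Akamai's logic; the log lines and domains are constructed samples, the allowlist stands in for a reputation feed, and splitting the registrable domain as the last two labels is a simplification (a real tool would use a public-suffix list).

```python
import math
from collections import defaultdict

# Constructed resolver log lines ("HH:MM client qname"); all domains are made up.
SAMPLE_LOG = """\
10:01 10.0.0.5 www.sdg43ts.com
10:05 10.0.0.5 www.sdg43ts.com
10:09 10.0.0.5 www.sf903lc.com
10:14 10.0.0.5 www.sf903lc.com
10:18 10.0.0.5 www.q7x2mzp0.com
10:02 10.0.0.7 4e7a1c9b2d.3f8a0e6c.exfil-example.com
10:02 10.0.0.7 9b0c3d5e1f.7a2b4c6d.exfil-example.com
10:03 10.0.0.7 2c4e6a8b0d.1f3e5d7c.exfil-example.com
10:04 10.0.0.7 8d6f4b2a0c.5e3c1a9f.exfil-example.com
10:04 10.0.0.9 www.example.com
10:05 10.0.0.9 mail.example.com
"""
KNOWN_GOOD = {"example.com"}  # constructed allowlist standing in for a reputation feed


def parse_log(text):
    """Return (minute_of_day, client, qname) tuples from the log text."""
    out = []
    for line in text.splitlines():
        hhmm, client, qname = line.split()
        h, m = hhmm.split(":")
        out.append((int(h) * 60 + int(m), client, qname.lower().rstrip(".")))
    return out


def entropy(s):
    """Shannon entropy in bits per character (0 for the empty string)."""
    if not s:
        return 0.0
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))


def registered_domain(qname):
    """Assumption: registrable domain = last two labels (no public-suffix list)."""
    return ".".join(qname.split(".")[-2:])


def detect_exfil(records, min_unique=3, min_len=16, min_entropy=3.0):
    """Flag (client, domain) pairs whose subdomains look like encoded data:
    many unique, long, high-entropy prefixes under one registered domain."""
    subs = defaultdict(set)
    for _, client, qname in records:
        dom = registered_domain(qname)
        prefix = qname[: -len(dom) - 1] if qname != dom else ""
        subs[(client, dom)].add(prefix.replace(".", ""))
    hits = {}
    for (client, dom), prefixes in subs.items():
        encoded = [p for p in prefixes if len(p) >= min_len and entropy(p) >= min_entropy]
        if len(encoded) >= min_unique:
            hits.setdefault(client, []).append(dom)
    return hits


def detect_dga_rotation(records, known_good=KNOWN_GOOD, max_life_min=10, min_domains=2):
    """Flag clients that cycle through several unknown, short-lived domains:
    the 'new C&C domain every ~9 minutes' pattern on the slide. A single new
    domain is not enough, which keeps one-off legitimate lookups out."""
    seen = defaultdict(list)
    for minute, client, qname in records:
        seen[(client, registered_domain(qname))].append(minute)
    hits = {}
    for (client, dom), minutes in seen.items():
        if dom in known_good:
            continue
        if max(minutes) - min(minutes) <= max_life_min:
            hits.setdefault(client, []).append(dom)
    return {c: sorted(d) for c, d in hits.items() if len(d) >= min_domains}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("exfiltration:", detect_exfil(recs))
    print("dga rotation:", detect_dga_rotation(recs))
```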

©2018 AKAMAI | FASTER FORWARDTM

[Diagram: Akamai cloud security (CSI) between users, devices and applications]
Destinations: Web, SaaS, IaaS, Datacenter (App, App, App, AD/LDAP), IoT
CSI: Identity & MFA; SSO & auth bridging; App proxy; Performance acceleration; App security (WAF); Malware & threat protection

TRENDS: Apps Moving Outside; User Diversity; Malware Evolving

CHALLENGES: Network Trust & Malware; Complexity & IT Resources; Poor User Experience

BENEFITS: Zero Trust Architecture; Simple & Flexible; Improved User Experience; Visibility & Auditing


Malware Protection: simple, proactive malware protection on & off net

Employees: remote developers, field employees, BYOD, M&A, etc.

3rd Parties: simplify and lock down 3rd party access

Applications: performance sensitive apps, public cloud apps, etc.

Zero Trust Assessment & Phasing Guide

Zero Trust - Where To Get Started

Fernando Serto
Head of Security Technology and Strategy, Asia Pacific

Companies in a modern enterprise environment now face multiple challenges, from performance problems with users spread across large geographies to modern security threats such as targeted phishing and malware campaigns.

Akamai has been working with our customers on how to adapt to such challenges and provide a secure approach to protect users and infrastructure from modern threats, from Web Security services to a complete Zero Trust approach.

• Increasing importance of API security
• Protecting your business from malicious bots and credential stuffing
• Adopting a cloud perimeter and taking a ‘verify and never trust’ approach

• Support our effort to build a Safer Cyber Security World in Indonesia. Our official CISSP classes are scheduled for April 23rd to 27th 2018
• Contact Vannie via +62 877 7567 8589
• Join us in our LinkedIn Group ICION: https://www.linkedin.com/groups/3942786

Thank You, see you in ICION 2019

Call to Vannie at +62 877 7567 8589

SOC and SIEM – THREE DAYS IN MAY

• Cyber Security Class on the 2nd, 3rd and 4th of May, three days, with the last day on SIEM best practices and a lab

• Ping us via +62 818 102085, an ICION PRODUCTION

• Trainer: Kirby Chong